about summary refs log tree commit diff
path: root/app/models/user.rb
diff options
context:
space:
mode:
Diffstat (limited to 'app/models/user.rb')
-rw-r--r--app/models/user.rb32
1 files changed, 17 insertions, 15 deletions
diff --git a/app/models/user.rb b/app/models/user.rb
index b716c13fd..2d5f145fa 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -52,6 +52,8 @@ class User < ApplicationRecord
   devise :registerable, :recoverable, :rememberable, :trackable, :validatable,
          :confirmable
 
+  devise :pam_authenticatable if ENV['PAM_ENABLED'] == 'true'
+
   devise :omniauthable
 
   belongs_to :account, inverse_of: :user
@@ -96,7 +98,7 @@ class User < ApplicationRecord
 
   def pam_conflict?
     return false unless Devise.pam_authentication
-    encrypted_password.present? && is_pam_account?
+    encrypted_password.present? && pam_managed_user?
   end
 
   def pam_get_name
@@ -267,22 +269,22 @@ class User < ApplicationRecord
   end
 
   def self.pam_get_user(attributes = {})
-    if attributes[:email]
-      resource =
-        if Devise.check_at_sign && !attributes[:email].index('@')
-          joins(:account).find_by(accounts: { username: attributes[:email] })
-        else
-          find_by(email: attributes[:email])
-        end
-
-      if resource.blank?
-        resource = new(email: attributes[:email])
-        if Devise.check_at_sign && !resource[:email].index('@')
-          resource[:email] = "#{attributes[:email]}@#{resource.find_pam_suffix}"
-        end
+    return nil unless attributes[:email]
+    resource =
+      if Devise.check_at_sign && !attributes[:email].index('@')
+        joins(:account).find_by(accounts: { username: attributes[:email] })
+      else
+        find_by(email: attributes[:email])
+      end
+
+    if resource.blank?
+      resource = new(email: attributes[:email])
+      if Devise.check_at_sign && !resource[:email].index('@')
+        resource[:email] = Rpam2.getenv(resource.find_pam_service, attributes[:email], attributes[:password], 'email', false)
+        resource[:email] = "#{attributes[:email]}@#{resource.find_pam_suffix}" unless resource[:email]
       end
-      resource
     end
+    resource
   end
 
   def self.ldap_get_user(attributes = {})